CVE-2017-17773

CVE

Critical

In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD…

CVSS

9.8

Critical

EPSS

0.01

p70

Published

2017-01-01

Updated

2017-01-01

Description

In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow.

Tags · CWE

RCEPre-auth

CWE-119

CAPEC-8

CAPEC-9

CAPEC-10

CAPEC-14

CAPEC-24

CAPEC-42

CAPEC-44

CAPEC-45

CAPEC-46

CAPEC-47

CAPEC-100

CAPEC-123

Affected products

Mdm9206_firmwareMdm9607_firmwareMdm9650_firmwareMsm8909w_firmwareS820am_firmwareSd_205_firmwareSd_210_firmwareSd_212_firmwareSd_400_firmwareSd_410_firmwareSd_412_firmwareSd_415_firmwareSd_425_firmwareSd_430_firmwareSd_450_firmwareSd_600_firmwareSd_602a_firmwareSd_615_firmwareSd_616_firmwareSd_617_firmware

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

2017-01-01

Published

2017-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.015 · p70

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Qualcomm

Mdm9650 Mdm9650 Firmware Mdm9206 Mdm9607 Mdm9206 Firmware Mdm9607 Firmware Msm8909w Msm8909w Firmware Sd 625 Sd 625 Firmware+48

Product	Vendor	Status
mdm9206_firmware	*	Tracked
mdm9607_firmware	*	Tracked
mdm9650_firmware	*	Tracked
msm8909w_firmware	*	Tracked
s820am_firmware	*	Tracked
sd_205_firmware	*	Tracked
sd_210_firmware	*	Tracked
sd_212_firmware	*	Tracked
sd_400_firmware	*	Tracked
sd_410_firmware	*	Tracked
sd_412_firmware	*	Tracked
sd_415_firmware	*	Tracked
sd_425_firmware	*	Tracked
sd_430_firmware	*	Tracked
sd_450_firmware	*	Tracked
sd_600_firmware	*	Tracked
sd_602a_firmware	*	Tracked
sd_615_firmware	*	Tracked
sd_616_firmware	*	Tracked
sd_617_firmware	*	Tracked

Showing first 20 of 29

Source databases

CVE

Related vulnerabilities

BDU:2018-00588